General

  • Target

    6EC77929D5F70F9BC4724D23DDBC2653.exe

  • Size

    838KB

  • Sample

    210418-62cq4d9by2

  • MD5

    6ec77929d5f70f9bc4724d23ddbc2653

  • SHA1

    da208bfa51ed091056f03dff8f1ba540472210d8

  • SHA256

    03e3837f16d46a1a0a13904fae467c105b1aae66b382e8313b20b90269e53ed6

  • SHA512

    370d956fb270a6f136a85983542195414790b116dd4166d448b7c55c9846e18959758117cd399196c62c51f1817a2e633e2e95d10565c4858250f7162f0ddfe6

Malware Config

Targets

    • Target

      6EC77929D5F70F9BC4724D23DDBC2653.exe

    • Size

      838KB

    • MD5

      6ec77929d5f70f9bc4724d23ddbc2653

    • SHA1

      da208bfa51ed091056f03dff8f1ba540472210d8

    • SHA256

      03e3837f16d46a1a0a13904fae467c105b1aae66b382e8313b20b90269e53ed6

    • SHA512

      370d956fb270a6f136a85983542195414790b116dd4166d448b7c55c9846e18959758117cd399196c62c51f1817a2e633e2e95d10565c4858250f7162f0ddfe6

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Hidden Files and Directories

2
T1158

Defense Evasion

Modify Registry

6
T1112

Hidden Files and Directories

2
T1158

Discovery

Query Registry

3
T1012

System Information Discovery

5
T1082

Tasks